BLS Multi-Signatures With Public-Key Aggregation
Authors: D. Boneh, M. Drijvers, and G. Neven
Abstract:
This short note describes a simple approach for aggregating many
BLS signatures on a common message, so that verifying the short
multi-signature is fast.
Moreover, the system supports public key aggregation,
where the verification algorithm only uses a short aggregated public key.
The original public keys are not needed for verifying the
multi-signature.
An important property of the construction is that the scheme is secure
against a rogue public-key attack without requiring users to
prove knowledge of their secret keys (this is sometimes called
the plain public-key model).
The construction builds upon the work of Bellare and Neven,
and the recent work of Maxwell, Poelstra, Seurin, and Wuille.
Reference:
web note
Full paper: html
Related papers: The full version of this work titled Multi-signature schemes for Bitcoin is currently under review.